In a hardware client for remote logon to a network, a two layer authentication protocol enables authorized users to log on while discouraging unauthorized users. The hardware client prevents logging on to the network if the hardware client is stolen. The hardware client itself is authenticated in the first authentication layer in order to establish a link to the network. Then a client computer authenticates in a second layer and further establishes a secure connection to the network. If the power of the hardware client goes off (as it would if or example it were unplugged for transport), then the authentication is not saved and therefore is lost. The hardware client must be reauthenticated before it can be used again.